Posts tagged Firefox

1 min Nexpose

CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin

On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's WebEx browser plugin extension that could allow attackers to perform a remote code execution (RCE) exploit on any Windows host running the plugin. An initial fix was pushed out by Cisco that warned a user if they were launching a meeting from a domain other than * or *, however, the fix was questioned by April King from Mozilla [

9 min Exploits

12 Days of HaXmas: A Fireside Foray into a Firefox Fracas

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Towards the end of November, the Tor community was shaken up by the revelation of an previously unknown vulnerability being actively exploited against pedo^H^H^H^H Tor Browser user

5 min Vulnerability Management

Using the National Vunerability Database to Reveal Vulnerability Trends Over Time

This is a guest post by Ismail Guneydas. Ismail Guneydas is senior technical leader with over ten years of experience in vulnerability management, digital forensics, e-Crime investigations and teaching. Currently he is a senior vulnerability manager at Kimberly-Clark and an adjunct faculty at Texas A&M. He has M.S.  in computer science and MBA degrees. 2015 is in the past, so now is as good a time as any to get some numbers together from the year that was and analyze them.  For this blog post,

5 min Vulnerability Disclosure

R7-2015-04 Disclosure: Mozilla Firefox Proxy Prototype RCE (CVE-2014-8636)

This blog post was originally written by Joe Vennix [], and published here with his permission. All first person pronouns refer to him. Adventures in Browser Exploitation: Firefox 31 - 34 RCE A few months ago, I was testing some Javascript code in Firefox involving Proxies. Proxies are a neat ECMAScript 6 feature that Firefox has had implemented for some time now. Proxy objects allow transparent interception of Javascript's normal get-/set-property pattern:     va

3 min Firefox

Weekly Metasploit Update: Heartbleed and Firefox Passwords

And we're back! So, full disclosure: I haven't written an update blog post in almost a month. I'm a terrible person, I know. The reasons are many, of course -- we had a Metasploit 4.9 release at the tail end of March, and then we had this Heartbleed thing happen in early April which still continues to dominate the thoughts and action of everyone I know. Yeah, I don't know many people outside of security. I'm kind of a loser like that. That said, the Metasploit juggernaught stops for no single b

3 min Firefox

Metasploit Weekly Update: Keeping Things Tidy

Making Beautiful Exploits This week, most of our energy has been spent on making Metasploit modules more beautiful. If you're not aware, we have this long-standing bug, Couple hundred msftidy warnings [], which deal mostly with the style and syntax of Metasploit modules. msftidy.rb [] is a little Ruby script that does some basic sanity checking on new Metasploit modules check

2 min Exploits

New Metasploit Payloads for Firefox Javascript Exploits

Those of you with a keen eye on metasploit-framework/master [] will notice the addition of three new payloads: * firefox/shell_reverse_tcp * firefox/shell_bind_tcp * firefox/exec These are Javascript payloads meant for executing in a privileged Javascript context inside of Firefox. By calling certain native functions not meant to be exposed to ordinary web content, a classic TCP command shell can be opened. To a pentester, these payloads are use

3 min Firefox

Weekly Metasploit Update: Firefox Payloads, VirusTotal Checks, and What To Do With Unstable Modules

Firefox Payloads Hey, remember last summer when it was reported that the FBI was allegedly targeting Firefox [/2013/08/07/heres-that-fbi-firefox-exploit-for-you-cve-2013-1690] with an 0day to nab criminals? Turns out, perhaps whoever was really behind it wasn't thinking far enough outside the box, because Firefox has some built-in functionality for some pretty nifty trickery which should make life significantly easier for the penetration tester and social engineer-er. As of this week, Metasplo

7 min Metasploit

Here's that FBI Firefox Exploit for You (CVE-2013-1690)

Hello fellow hackers, I hope you guys had a blast at Defcon partying it up and hacking all the things, because ready or not, here's more work for you.  During the second day of the conference, I noticed a reddit post [] regarding some Mozilla Firefox 0day possibly being used by the FBI in order to identify some users using Tor for crackdown on child pornography. The security community was amazing: withi